Hi guys,
I have a REST API app that's built on top of DW 0.6.2.
For testing purposes I'm using the legacy+ssl, and the provided SSL certificate keystore that's on the DW GitHub repo.
This has been working fine until recently, when I added some authorization scheme on server side.
Basically, when I issue the XmlHttpRequest in javascript, I do this:
xmlhttp.setRequestHeader("Authorization", "authorize");
xmlhttp.send();
However, it looks like the request never actually hits the resource endpoint, and in the logs I keep getting:
DEBUG [2013-12-16 07:32:54,923] org.eclipse.jetty.io.nio.ssl:
! javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
! at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[na:1.7.0_40]
! at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) ~[na:1.7.0_40]
! at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1587) ~[na:1.7.0_40]
! at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1517) ~[na:1.7.0_40]
! at org.eclipse.jetty.io.nio.SslConnection.closeInbound(SslConnection.java:435) [jetty-io-8.1.10.v20130312.jar:8.1.10.v20130312]
! at org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:409) [jetty-io-8.1.10.v20130312.jar:8.1.10.v20130312]
The strange thing is when I switch back to HTTP instead of HTTPS, this JavaScript code will work, so I'm guessing it has something to do with the SSL. However, if there is no Authorization header, this all works fine on both HTTPS and HTTP, so I don't really know what's going on here.
(I'm 95% sure it's not a cross-origin issue, I've already added the CrossOriginFilter and followed the config for allowing the Authorization header)
Any help/suggestions would be appreciated.
Thanks so much!
Nick